My research, which resulted in my thesis, was mostly a breach of users’ privacy. I collected their data, run some data-mining algorithms and detect whether or not they could be classified as possible insider’s threats. This fired a series of events that led me to a simple conclusion. What if we use OSINT the other way round?
Open-source intelligence is known for quite some time. When you pentest an organization you do a passive recon on the target before you get to the real deal. In general, OSINT is an effort to know as much about a target as possible without alerting the target. Note here: Most greek pentesting teams never run passive recons which ends up with guys bruteforcing passwords that you already have 😛
One could use OSINT though the other way around. Instead of collecting information on a target, collect information about changes made on a target. In other words, one could use tools already known, along with IDS (Intrusion Detection Systems), as IDS or complimentary. The effect of this is simple, an organisation can surely decrease the response time of an incident handling team without spending a dollar. Under certain circumstances (security policy) an organization may reduce the overall risk as well. One could use the same approach to detect the correct time to fire an attack.
Certain examples of reverse OSINT. Twitter, Facebook, social media in general and certain forums are handy when it comes to OSINT. I have found in Twitter everything from cellphones to home addresses, alerts for leaks etc. I will be releasing a twitter crawler I developed soon 😉 Google Alerts is a nice way to detect OSINT as well. You could check for leaks regarding your site etc and they are simple to use. Problem is they are updated every now and then and a leak may already be deleted. Quite easy to solve if you use a monitoring tool (which will store the leaks as well).
Updates are gonna come regarding this one.